24 February 2020
As technologies become more interconnected and mobile devices abound, the traditional approach to cybersecurity has become redundant.
With the increase of Bring Your Own Device (BYOD) and the Internet of Things (IoT), identity protection at the individual level is already one of the largest risks to companies. Supporting this notion are security experts Lookout, who estimate that the majority of cyber-attacks in 2020 will begin with the mobile device.
“When someone logs into their workplace from home, they're using the same device – most likely their mobile - that controls access to their personal networks, including their digital assistant, smart television, smart refrigerator and even their connected car," says Macquarie Capital Managing Director, Tej Shah.
"Each of these devices is, in turn, connected to thousands, potentially millions, of additional devices through the apps and the software they use."
“When you couple that with machine learning, which can leverage phishing as an attack method more easily, especially at the individual level, you can see how the perimeter quickly becomes nebulous, making it easier for a hacker to get into a company's system through a single point of weakness."
Additional technological advancements such as 5G also contribute to an increase in attacks at a corporate and individual level by allowing more types of devices and advanced capabilities to connect, forcing companies to reevaluate their risk models. In fact, the International Data Corporation forecasts that with the growth of 5G networks, the number of IoT endpoints will rise from 12.1 billion in 2015 to 30 billion in 2030.
Even without a 5G connection, identity theft has become large-scale. Recent examples from IdentityForce highlight how threats are prevalent across a variety of industries and sectors, including dating site Coffee Meets Bagel, which saw the names and email addresses of all users who registered before May 2018 exposed, impacting approximately six million people. Dow Jones was also impacted in 2019 when the identity records of more than 2.4 million government politicians were exposed. IBM research shows that in the last three years alone, organizations have lost or had stolen 11.7 billion records.
These breaches come at a high cost. According to the same IBM research, breaches of one million or more records can cost a business $US42 million. Breaches of 50 million records are forecast to cost companies $US388 million.
The type of infringement also matters; those that are malicious in nature account for 51 per cent of total breaches and cost on average $US1 million more than those that are accidental. Although malicious infractions tend to be costlier, accidental breaches caused by human error, for example, are not to be overlooked at an average cost of $US3.5 million.
Despite corporations embracing new technologies, many still do not feel confident in managing a cyber threat, especially when it comes to mobile technology. According to Cisco, 57 per cent of IT professionals cite mobile as the most difficult device type to defend, raising the issue of the individual again.
To combat this, Veracode says that companies are growing their Development Security and Operations teams and building increased security in each phase of the development pipeline, but there is still a significant skills shortage in the space. According to Cybersecurity Ventures, there were over 1 million unfilled cybersecurity jobs in 2014, which is expected to rise to 3.5 million by the end of 2021.
Again, costs will play a significant role in the industry. Those organizations who have strong incident response teams testing their cybersecurity breach plans are estimated to mitigate the financial loss of a breach by $US1.2 million compared to those who don't, according to IBM.
While the latest technology has increased the cybersecurity threat, Shah says technologies such as artificial intelligence, big data and machine learning are also part of the solution: “these can help networks naturally learn and evolve their algorithms as they detect attempted attacks and learn how to better identify potential intruders."
He expects more complex, all-encompassing solutions to continue to evolve, such as moving from a two-factor to multi-factor authentication. Mission Secure, a participating company in the Macquarie Capital Venture Studio, is one such solution to stop cyber-attacks in its tracks with its MSi Platform that leverages both hardware and software to monitor multiple entry points before they reach critical control components.
“Cybersecurity constantly changes with the addition of new technologies, and the only way to combat breaches is to continue to invest in a comprehensive, multi-layered solution." says Shah.
Cisco, Annual Cybersecurity Report 2018, p 47
AT&T Cybersecurity Report, The CEO's Guide to Securing the Internet of Things, pp 5 and 8.